Introduction. Verification packages design and analyze the correctness of parallel and distributed systems within the framework of various classes of temporal logics of linear and branching time. The paper discusses a polynomially realizable class of Δ₀T-formulas interpreted on multi-sorted models with hierarchical suspensions. The suspension structure is described by an arbitrary context-free (CF) grammar. The predicates and functions of the model signature are interpreted on the original CF-list, which is completed during the interpretation process.

Materials and Methods. A constant model is constructed for theories of Δ₀T-quasi-identities with the Noetherian and confluence properties. We consider formulas of the multi-sorted first-order predicate calculus (PC) language with variables of the "list" sort, interpreted on models with a hierarchized suspension. The theory is interpreted in terms of grammar derivation trees describing the behavior of the specified system. The CF-grammar rules hierarchize the action space of the modeled system. It is noted that the expressive capabilities of Δ₀T-formulas are insufficient for modeling real-time systems. Therefore, expressions with the unbounded universal quantifier ∀, known as PT-formulas, are used for the specification.

Results. As an example, the logical specification of an automated complex consisting of a workpiece manipulator is given. The positions are fixed by sensors. The operating cycle of the manipulator is described. The specification of its operation consists in the hierarchization of actions by the rules of the CF-grammar and their description by first-order PT-formulas that take the time values into account.

Discussion and Conclusions. The paper shows that the considered class of formulas can be used to model real-time systems. An example of the logical specification of a manipulator behavior control device is given.
Introduction. Mathematically sound, practically significant methods of verification of complex software and technical systems are based on the apparatus of mathematical logic [1-4]. The technique of applying this approach to various types of real-time reactive systems (communication protocols, control systems, integrated onboard systems of space technology, etc.) is known.

This technique underlies model-checking verification systems [5-7]. Numerous verification packages support the design and analysis of the correctness of parallel and distributed systems within various classes of linear- and branching-time temporal logics: LTL, CTL, TCTL, etc. [8].

To simulate time in these systems, the standard model of the timed automaton is used: a finite state machine equipped with a special type of variable, the local clock. Quantitative analysis of the time characteristics of the system is complicated by the exponential algorithms for constructing time zones as equivalence classes [9]. Therefore, it is required to develop a more expressive, practically significant specification language that simplifies the analysis.
It is proposed to use for simulation the language of Σ-specifications, singled out in the concept of semantic programming, which is based on the model-theoretic approach [10]. In this case, the first-order predicate calculus language, extended by axioms for list structure operations, can be used to build a formal model of the analyzed system.


Materials and Methods. The paper uses the terminology of the papers [11, 12]. Let M be a many-sorted model of signature σ = <I, C, F, R>. Here, I is a set of sorts, including the "list" sort (list). C, F, R are sets of constants, functions, and predicates, respectively. All signature symbols have a type. If f ∈ F is an n-local function, n ≥ 0, then its type is <i₁, ..., iₙ, i>, where i₁, ..., iₙ, i ∈ I, i₁, ..., iₙ are the types of the arguments, and i is the type of the function value. Similarly, an n-local predicate r ∈ R is of type <i₁, ..., iₙ>. The carrier of the model M is an indexed family of sets Uⱼ = Cⱼ, j ∈ I, where Cⱼ is the set of constants of sort j; f: U_{i₁} × ... × U_{iₙ} → Uᵢ, r ⊆ U_{i₁} × ... × U_{iₙ}.

For the model M, a list suspension D_G(C) of hierarchized CF-lists, whose structure is set by the CF-grammar G, is formed over a set of constants C. Here, N, T are the sets of nonterminal and terminal symbols of G. The set D_G(C) is defined as the smallest set of all lists <c₁, ..., cₙ>, formed for each rule A → X₁...Xₙ ∈ P, n ≥ 1, as follows: cᵢ is an arbitrary constant of C_{Xᵢ} if Xᵢ ∈ T; otherwise, for Xᵢ ∈ N, the element cᵢ is an arbitrary list of sort Xᵢ.


Δ₀-formulas are defined in the traditional way as formulas of signature σ using all logical connectives (¬, ∧, ∨, →) and the bounded quantifiers ∀x∈t, ∃x∈t, ∀x⊂t, ∃x⊂t. Here, x is a variable of an arbitrary sort; t is a term of the list sort that does not contain x; ∈ is the list membership relation; ⊂ is the nesting relation for lists, defined as <a₁, ..., aₘ> ⊂ <a₁, ..., aₙ>, m ≤ n.

Below, we will use only bounded quantifiers of the form ∀x ∈ y, ∀x ∈* y, where y is a variable of list sort and the relation ∈* is the transitive closure of the relation ∈. Denote the indexed sequence of variables xᵢ by x̄, and the membership relation or its transitive closure by ε.

The rules of the CF-grammar hierarchize the action space of the simulated system. For reasons of computational efficiency, a class of Δ₀T-formulas with a "tree" prefix is distinguished. We introduce the relation ≺ ("to the left") for the list elements, namely, for the list <..., α, β, ...> we consider α ≺ β.


Definition. A Δ₀-formula of the form

(∀v₁ ε r₁) ... (∀vₘ ε rₘ)(η₁ ≺ l₁) ... (ηₚ ≺ lₚ) Φ(v̄), m ≥ 1, p ≥ 0,

is called a Δ₀T-formula if ηⱼ, lⱼ ∈ (v̄, r̄), 1 ≤ j ≤ p, and for all prefix variables the following condition holds: rᵢ₊₁ = rᵢ, 1 ≤ i < m, or rᵢ₊₁ = vₖ, k ≤ i; if rᵢ₊₁ = vₖ, then vᵢ₊₁ ≠ vₖ and vᵢ₊₁ ≠ rₖ for all k ≤ i.

It is easy to show that the prefix of a Δ₀T-formula, due to the restrictions on variables, can be presented as a tree with root r₁, vertices vᵢ, rᵢ and arcs going from vertex rᵢ to vertex vᵢ, 1 ≤ i ≤ m.

The expressive capabilities of Δ₀T-formulas are not sufficient for modeling real-time systems that function cyclically for an indefinite period of time. For the specification we will use PT-formulas with the unbounded universal quantifier ∀v.

Definition. The formula ∀v Φ(v), obtained from a Δ₀T-formula Φ by unbounded universal quantification, is called a PT-formula.


The model M is defined by a theory of quasi-identities of the form:
(∀y₁ ε t₁) ... (∀yₘ ε tₘ)((η₁ ≺ l₁) ... (ηₚ ≺ lₚ) ∧ Φ(ȳ) → Ψ(ȳ, z̄)).
Here, the formula Φ(ȳ) is a conjunction of atomic formulas (or their negations) of the form r(τ̄), t₁ = t₂, f(τ̄) = t, f ∈ F, r ∈ R, where τ̄, t are terms of signature σ.

The model construction algorithm Int implements the modus ponens inference rule (if φ and φ → ψ, then ψ). The input data for the interpreter is a set of initial values of functions and predicates of the form:
S₀ = {p(c̄), f(c̄) = cₙ₊₁ | p ∈ R, f ∈ F}, where c̄ is a set of constants of n elements, n ≥ 1.

Axioms (ax) are processed in a certain order: first those with positive occurrences of predicates in the left and right parts of ax, then those with negative occurrences, until fixed points of the calculation are obtained. The domains of the functions and predicates included in the right-hand side of ax expand when the left-hand side is true, because the interpreter sets new values for functions and predicates so that the right-hand side of ax is also true. Let the state Sₙ of the analyzed system at the n-th step of the calculation contain the values of all predicates and functions of the model signature, and let the function τ: P(S) → P(S) (in the terminology of [3], a predicate transformer) reflect the state change when the interpreter Int moves from the n-th step of the calculation to the (n+1)-th. The interpreter Int constructs the least fixed point μτ of the monotone transformer τ on P(S): μτ = ∪ᵢ τⁱ(S₀), where τ⁰(Z) = Z, τⁱ⁺¹(Z) = τ(τⁱ(Z)).

Formally, functions f ∈ F and predicates p ∈ R are interpreted on the CF-list tl(n), which represents the derivation tree tr(n) in grammar G, where n is the step of the Int computation. Since a compact presentation of the interpretation algorithm on the elements of the CF-list is difficult, we first give a verbal explanation of the algorithm, focusing on the tree tr(n). The input data for the model construction algorithm (Int) are as follows: the source derivation tree tr(0) in grammar G, which is expanded during the construction of model M, and Fact = S₀. The CF-grammar is used in the process of building the model as follows. First, the rules P hierarchize the space of actions and states of the analyzed system. We assume that the action names represented in the model signature by predicates and the names of the corresponding nonterminal grammar symbols coincide. Second, the symbols of the alphabet V of the grammar uniquely define the sorts of all elements of the model universe, including lists, which are assigned the sort defined by the root mark of the corresponding tree. Sorts will be designated mnemonically by the names of nonterminal and terminal grammar symbols with an initial lowercase character and the symbol s (sort) appended at the end. The main advantage of CF-grammars is the possibility of using the effective syntactically oriented (SO) methods for analyzing the correctness (verification) of the model that were developed in the theory of syntactic analysis of programming languages.

The interpreter starts by viewing tree tr(0) from the root, top to bottom and left to right. The prefix of every axiom satisfies the constraints on Δ₀T-formulas. Prefix sorts are defined by the symbols of the CF-grammar G. As the truth domains of the predicates included in an axiom ax ∈ Th, the interpreter selects the constants associated with the vertices of a bush of the tree, viewing it from top to bottom, from left to right; moreover, the bush root is marked with the name of the corresponding predicate. To reflect the dependence of the simulated technical system on the sequence of input signals, the source tree tr(0) has to be completed. To this end, the sequence of rules pr*(ax) ∈ P* is attributed to the derivation tree obtained at the previous step of the algorithm; moreover, constants from the truth domain of predicate r are used as terminal symbols subordinate to the tree vertex marked with the nonterminal symbol r.

We describe the interpretation algorithm Int more formally, without detailing the procedure Con(Q, Th), which obtains all logical consequences of the set of formulas Q from the axioms of the theory Th. Th₀ = S₀. The theory Thpos ⊆ Th includes only positive occurrences of predicates; Thneg ⊆ Th includes the negative occurrences of predicates on the right side of the axioms. We denote by trpos, trneg the derivation trees generated during the interpretation process.

Q := ∅;
Q' := Th₀;
while Q ≠ Q' do
    Qpos := Q;
    Q'pos := Q';
    while Qpos ≠ Q'pos do
        Qpos := Q'pos;
        Q'pos := Con(Qpos, Thpos)
    end while
    return (Qpos, trpos);
    Qneg := ∅;
    Q'neg := Qpos;
    while Qneg ≠ Q'neg do
        Qneg := Q'neg;
        Q'neg := Con(Qneg, Thneg)
    end while
    return (Qneg, trneg);
    Q := Qpos;
    Q' := Qneg
end while
return (Qneg, trneg)

The verification of model M consists in checking the properties that the analyzed system should satisfy. We express these properties by arbitrary Δ₀T-formulas. Using SO-methods of checking formulas, a proof can be constructed in the same way as in [13].

Theorem. An arbitrary Δ₀T-formula with m bounded universal quantifiers is checked on a CF-list of power n in time O(n^(m+1)).

The power of the list tl is equal to the cardinality of the set {s | s ∈* tl}. The estimate is an upper bound, and it can be lowered to linear if the formulas are checked using specific SO-methods of language processing.

Research Results. We present a logical specification of an automated complex consisting of a manipulator serving a processing line (tl) with two positions: loading and unloading of parts (ld and uld, respectively) [14]. Sensors record the location of the positions. The manipulator functions cyclically, starting from the loading position.


CYCLE 

1. In the initial position ld, to load the part, the manipulator lifts the electric drive in 4 seconds. It compresses the automated claws and takes the workpiece (2 sec), lowers the electric drive (4 sec) and moves to the right to the machine until the position sensor tl is triggered.

2. To install the workpiece on the machine at position tl, the manipulator raises the electric drive, unclenches the automated claws (2 sec), and lowers the electric drive. Next, the manipulator waits for 4 min, after which it repeats the same procedures as in position ld. Then, the manipulator moves to the left to the unloading position until the limit switch uld is triggered.

3. In 8 seconds, the part is unloaded onto the conveyor. The manipulator moves to the left until the sensor of the loading position ld is triggered. Further, the operation of the complex is repeated cyclically.

The system specification consists of several levels. The manipulator behavior is determined by the signals of the sensors that record its position: ld, uld, tl (¬ld, ¬uld, ¬tl; negation indicates the absence of the corresponding signal). This sequence of signals is represented by the tuple mc = <x, y, z, ...>, where x = ld (¬ld), y = uld (¬uld), z = tl (¬tl). It is generated by a finite-state machine with initial state St₁. This automaton is constructed according to a right-linear grammar with the rules:

St₁ → ld St₂ | ¬ld St₂,

St₂ → tl St₃ | ¬tl St₃,

St₃ → uld St₁ | ¬uld St₁.

Denote the set of lists made up of the symbol strings generated by this grammar by Dsig.

The external discrete time (variable n in the logical specification) is determined by the number of transitions of the automaton. To describe the second level of the manipulator operation, a CF-grammar is used which indicates the sequence of actions (Oper) of the manipulator:

— L, La — loading of the workpiece by the manipulator in positions ld and tl, respectively;

— Unl, Unla — unloading of the part in positions uld and tl;

— Mover, Movel — movement of the manipulator to the right and to the left;

— Lstop, Astop, Ulstop — stop of the manipulator in the corresponding position;

— Exp — waiting;

— Cr — failure of the manipulator control device.

The states of the manipulator (symbol Pos) are affected by its actions. In this example, the state is characterized by continuous time Timec and discrete time Timed, given by a natural number. The values of sort Timec are segments of the form <t₁, t₂>, where t₁, t₂ are constants and < is replaced by ( or [ depending on whether the left border is included in the time segment or not; similarly for >.

When specifying the manipulator behavior, we disregard the time of manipulator movement from one position to another (determined by the signals from the position sensors, which are the inputs of the manipulator control device). The signals sent to the manipulator actuators for movement and for operating the automated claws are the output signals.

Below are the rules of grammar G.

1. Start → {Oper}*.
2. Oper → L | La | Unl | Unla | Mover | Movel | Lstop | Astop | Ulstop | Exp | Cr.
3. L → State.
4. La → State.
5. Unl → State.
6. Unla → State.
7. Mover → State.
8. Movel → State.
9. Lstop → State.
10. Astop → State.
11. Ulstop → State.
12. Exp → State.
13. Cr → State.
14. State → Timec Timed | Timed Timed.
15. Timec → Timed | (Timed, Timed) | [Timed, Timed) | (Timed, Timed] | [Timed, Timed].

Timed is a class of tokens whose values are natural numbers calculated during the interpretation of theory Th.

In theory Th, variables in formulas are designated mnemonically according to their sort: p(state) = p(State), p(oper) = p(Oper), p(n) = p(t) = p(Timed), p(ct) = p(Timec). The predicates Ld, Tl, Uld are defined on the set Timed. Ld(n) is true if the manipulator is at the loading position; similarly, Tl(n) is true at the position of the processing machine and Uld(n) at the unloading position. Let us list the domains of definition of the remaining predicates: Lstop, Astop, Ulstop, Mover, Movel, Cr ⊆ Timed × Timed; L, La, Unl, Unla, Exp ⊆ Timec × Timed. The formulas use the standard functions head(<x₁, ..., xₙ>) = x₁, tail(<x₁, ..., xₙ>) = <x₂, ..., xₙ> and the function Mc: Timed → Dc. Here, Dc is the set of lists of sensor signals.


At the initial time t = 0, n = 1, and at the 1st step of the calculation the predicate Lstop(0, 1) holds; Mc(1) = mc, where mc ∈ Dc. In axioms 1-11, the variables t, n and ct are bound by the restricted quantifiers ∀state ∈ oper, ∀t, n, ct ∈ state. In axioms 12-17, the variable n is bound by the unrestricted quantifier ∀; s₀ = <<<<0, 1>>>> is the initial value of the list on which the theory is interpreted. Its list constituents, in order of nesting depth, have the following sorts: p(R), p(Oper), p(Lstop), p(0) = p(1) = p(Timed). Tree T₀ corresponds to list s₀ (Fig. 1).


Fig. 1. Tree T₀ corresponding to list s₀


In the axioms of the theory, the sequence of rules of grammar G that completes tree T₀ is given in square brackets on the right.
Axioms of the theory
1. Lstop(t, n) ∧ Ld(n) → L([t, t + 7), n) ∧ Mc(n + 1) = tail(Mc(n)) [1; 2.1; 3; 14.1; 15.3].
2. L(ct, n) ∧ Tl(n + 1) → Mover(ct[2], n + 1) ∧ Astop(ct[2], n + 1) [1; 2.5; 7; 14.2; 1; 2.8; 10; 14.2].
3. Astop(t, n) → Unla([t, t + 7], n) [1; 2.4; 6; 14.1; 15.2].
4. Unla(ct, n) → Exp((ct[2], ct[2] + 180), n) [1; 2.10; 11; 14.1; 15.2].
5. Exp(ct, n) → La([ct[2], ct[2] + 3), n) ∧ Mc(n + 1) = tail(Mc(n)) [1; 2.2; 4; 14.1; 15.2].
6. La(ct, n) ∧ Uld(n + 1) → Movel(ct[2], n + 1) ∧ Ulstop(ct[2], n + 1) [1; 2.6; 8; 14.2; 1; 2.9; 11; 14.2].
7. Ulstop(t, n) → Unl([t, t + 7), n) ∧ Mc(n + 1) = tail(Mc(n)) [1; 2.3; 5; 14.1; 15.2].
8. Unl(ct, n) ∧ Ld(n + 1) → Movel(ct[2], n + 1) ∧ Lstop(ct[2], n + 1) [1; 2.6; 8; 14.2; 1; 2.7; 9; 14.2].
9. Unl(ct, n) ∧ ¬Ld(n + 1) → Cr(ct[2], n + 1) [1; 2.11; 13; 14.2].
10. La(ct, n) ∧ ¬Uld(n + 1) → Cr(ct[2], n + 1) [1; 2.11; 13; 14.2].
11. L(ct, n) ∧ ¬Tl(n + 1) → Cr(ct[2], n + 1) [1; 2.11; 13; 14.2].
12. head(Mc(n)) = ld → Ld(n).
13. head(Mc(n)) = ¬ld → ¬Ld(n).
14. head(Mc(n)) = tl → Tl(n).
15. head(Mc(n)) = ¬tl → ¬Tl(n).
16. head(Mc(n)) = uld → Uld(n).
17. head(Mc(n)) = ¬uld → ¬Uld(n).
Theory Th has the Noetherian property, since the change of the variable under the quantifier ∀ is limited to k, the number of elements in the source list mc. In this case, head(Mc(k+1)) is undefined, because Mc(k+1) = < >. Note that the strings ¬ld and the others in the right part of axioms 12-17 have the sort string, and ¬ is considered not as a logical operation but as a symbol.
For the initial value of the function Mc(1) = <ld, tl, uld, ld, ¬tl, uld>, we obtain the following set of consequences: Lstop(0, 1), Ld(1), L([0, 7), 1), Mc(2) = <tl, uld, ld, ¬tl, uld>, Mover(7, 2), Astop(7, 2), Unla([7, 14], 2), Exp([14, 194], 2), La([194, 197), 2), Mc(3) = <uld, ld, ¬tl, uld>, Movel(197, 3), Ulstop(197, 3), Unl([197, 204], 3), Mc(4) = <ld, ¬tl, uld>, Movel(204, 4), Lstop(204, 4), L([204, 211), 4), Mc(5) = <¬tl, uld>, Cr(211, 5).

The resulting set of consequences is hierarchized according to the derivation in grammar G obtained from the rules assigned to the interpreted axioms. According to them, 12 more vertices, marked with the same symbol and connected by edges to the root, are added to tree T₀ to the right of the node marked with the symbol Oper. Subtrees with roots marked with the symbols Ld, Mover, Astop, etc., with their states and constants of sort p(Timed) obtained as a result of the interpretation, are added at the new vertices.

Discussions and Conclusions. On the constructed model, one can check the truth of arbitrary Δ₀T-formulas. For example, we formalize the statement: "If the manipulator was in the loading position at the instant of time t at step n of its operation cycle, then at step n + 2, after 197 sec, it starts unloading for 7 sec". The formula below is tested on a given list oper of sort p(Oper):

(∀state ∈ oper)(∀t ∈ state)(∀n ∈ state)(Lstop(t, n) → Unl([t + 197, t + 204], n + 2)).
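As an added example (not code from the paper or its authors), the Python below implements the interpreter Int for axioms 1-17 of theory Th with the positive-then-negative fixed-point loop of the algorithm above, runs it on the initial list Mc(1) = <ld, tl, uld, ld, ¬tl, uld>, and then checks the property formalized by the last formula on the resulting facts. Assumed encodings: a fact is the tuple (name, argument, n); a time segment ct is (kind, lo, hi), so that ct[2] is its right endpoint as written in the axioms; ¬ld is written "~ld"; and the negated sensor facts of axioms 13, 15, 17 are kept in a separate set.

```python
def head(lst):
    return lst[0] if lst else None      # head(< >) is undefined, as the paper notes

def tail(lst):
    return lst[1:]

# A rule is (premise, sensor condition (offset, predicate, truth) or None,
# conclusions as lambda(x, n) -> list of facts, whether Mc(n+1) = tail(Mc(n)) is set).
POS = [  # Thpos: axioms 1-8
    ("Lstop",  (0, "Ld", True),  lambda t, n: [("L", ("[)", t, t + 7), n)], True),
    ("L",      (1, "Tl", True),  lambda c, n: [("Mover", c[2], n + 1), ("Astop", c[2], n + 1)], False),
    ("Astop",  None,             lambda t, n: [("Unla", ("[]", t, t + 7), n)], False),
    ("Unla",   None,             lambda c, n: [("Exp", ("()", c[2], c[2] + 180), n)], False),
    ("Exp",    None,             lambda c, n: [("La", ("[)", c[2], c[2] + 3), n)], True),
    ("La",     (1, "Uld", True), lambda c, n: [("Movel", c[2], n + 1), ("Ulstop", c[2], n + 1)], False),
    ("Ulstop", None,             lambda t, n: [("Unl", ("[)", t, t + 7), n)], True),
    ("Unl",    (1, "Ld", True),  lambda c, n: [("Movel", c[2], n + 1), ("Lstop", c[2], n + 1)], False),
]
NEG = [  # Thneg: axioms 9-11, fired by the negative sensor facts of axioms 13, 15, 17
    ("Unl", (1, "Ld", False),  lambda c, n: [("Cr", c[2], n + 1)], False),
    ("La",  (1, "Uld", False), lambda c, n: [("Cr", c[2], n + 1)], False),
    ("L",   (1, "Tl", False),  lambda c, n: [("Cr", c[2], n + 1)], False),
]
SENSOR = {"ld": "Ld", "tl": "Tl", "uld": "Uld"}  # axioms 12-17; sensor facts are (name, None, n)

def con(facts, neg, mc, rules, negative):
    # One pass of Con(Q, Th): modus ponens over every fact that matches a rule premise.
    # negative=False fires axioms 12/14/16 (positive sensor facts), True fires 13/15/17.
    for n, s in list(mc.items()):
        h = head(s)
        if h is not None and h.startswith("~") == negative:
            (neg if negative else facts).add((SENSOR[h.lstrip("~")], None, n))
    for pred, cond, body, advance in rules:
        for name, x, n in list(facts):
            if name != pred:
                continue
            if cond is not None:
                off, q, truth = cond
                if (q, None, n + off) not in (facts if truth else neg):
                    continue
            facts.update(body(x, n))
            if advance and n in mc:
                mc.setdefault(n + 1, tail(mc[n]))  # Mc(n+1) = tail(Mc(n))

def interpret(mc1):
    # Int: least fixed point of Th from S0 = {Lstop(0,1)}, Mc(1) = mc1; positive axioms first.
    facts, neg, mc = {("Lstop", 0, 1)}, set(), {1: tuple(mc1)}
    size = lambda: (len(facts), len(neg), len(mc))
    while True:
        before = size()
        for rules, negative in ((POS, False), (NEG, True)):
            inner = None
            while inner != size():              # Con to a fixed point for this sub-theory
                inner = size()
                con(facts, neg, mc, rules, negative)
        if size() == before:                    # no new consequences: the fixed point is reached
            return facts, neg, mc

def violations(facts):
    # Delta0T-check of the closing property: each Lstop(t, n) needs Unl(ct, n+2) with
    # endpoints t+197 and t+204 (bracket kind ignored); returns the offending (t, n).
    unl = {(c[1], c[2], n) for name, c, n in facts if name == "Unl"}
    return sorted((t, n) for name, t, n in facts
                  if name == "Lstop" and (t + 197, t + 204, n + 2) not in unl)
```

For the paper's Mc(1) the run reproduces the listed consequences up to Cr(211, 5), and violations() reports Lstop(204, 4), whose unloading at step 6 is never derived because the run ends in Cr.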